Lucene search
CVE-2021-37712
🗓️ 31 Aug 2021 17:08:15Reported by GitHub_MType 
cve🔗 web.nvd.nist.gov📰️ 22 Media mentions👁 288 Views
npm package "tar" has arbitrary file creation/overwrite and code execution vulnerability before versions 4.4.18, 5.0.10, 6.1.9
Show more
| Reporter | Title | Published | Views | Family All 122 |
|---|---|---|---|---|
 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | 31 Aug 202116:10 | – | nodejs |
 | CVE-2021-37712 | 31 Aug 202100:00 | – | ubuntucve |
 | UBUNTU-CVE-2021-37712 | 31 Aug 202117:15 | – | osv |
| GHSA-QQ89-HQ3F-393P Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | 31 Aug 202116:05 | – | osv |
| CVE-2021-37712 | 31 Aug 202117:15 | – | osv |
| DSA-5008-1 node-tar - security update | 11 Nov 202100:00 | – | osv |
| DLA-3237-1 node-tar - security update | 12 Dec 202200:00 | – | osv |
| MGASA-2022-0103 Updated nodejs-tar packages fix security vulnerability | 21 Mar 202220:18 | – | osv |
| RHSA-2022:0041 Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update | 30 Sep 202414:18 | – | osv |
| OPENSUSE-SU-2021:1552-1 Security update for nodejs14 | 10 Dec 202109:43 | – | osv |
10
Node
Node
Node
[
{
"vendor": "npm",
"product": "node-tar",
"versions": [
{
"version": "< 4.4.18",
"status": "affected"
},
{
"version": ">= 5.0.0, < 5.0.10",
"status": "affected"
},
{
"version": ">= 6.0.0, < 6.1.9",
"status": "affected"
}
]
}
]10
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo31 Aug 2021 17:15Current
7.5High risk
Vulners AI Score7.5
CVSS24.4
CVSS38.2 - 8.6
EPSS0.00023